This is a discussion on header sanity within the Amavis User forums, part of the Anti-Spam and Anti-Virus Related Forums category.

Hi there,

I was wondering what amavisd-new does exactly to ensure Received header sanity. For example if I look at my logs I see

    " Passed SPAM, [80.92.69.56] [77.87.224.34] "

The first IP is the one delivering to my MX, so it can be trusted. The second IP is the IP from the first host (i.e. last Received: header) in the mail.

Now the headers (the relevant ones) look like:

    .....
    X-ClientAddr: 217.95.30.242
    Received: from pD95F1EF2.dip0.t-ipconnect.de (pD95F1EF2.dip0.t-ipconnect.de [217.95.30.242])
        by hosting1.xxxxx (8.13.1/8.13.1) with SMTP id m417cnVV001458
        for <arts@gum.lu>; Thu, 1 May 2008 09:38:51 +0200
    Received: from 77.87.224.34 (HELO mx1.bund.de) by gum.lu with esmtp
        ({nChar[8-12]} {nChar[4-6]}) id LtyEyr-Gj2Ogl-zk
        for arts@gum.lu; Thu, 01 May 2008 09:39:18 +0200

Obviously the IP 77.87.224.34 is a fake since the "from" line in the upper header has nothing to do with the "by" line in the lower header. (I would have liked to see [217.95.30.242] as the second log entry, or simply an empty entry if it was not sure.)

If I feed such mails to spamcop they recognize the fraud, but I guess amavis (still?) doesn't.

Best regards,
Marc

--
DO NOT REPLY TO THIS EMAIL ADDRESS, IT WILL NOT WORK
ACTUALLY YOU WILL AUTOMATICALLY BE BLACKLISTED
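
The consistency check the post describes (a lower Received header's "by" host should be the host the header above says it received from), as an added Python example that is not part of the original post and makes no claim about how amavisd-new or SpamCop work internally. The function names are hypothetical, the sample is constructed from the two headers quoted above, and the top header is assumed to have been written by the site's own MX.

```python
import re
from email import message_from_string

# Constructed sample: the two Received headers quoted in the post above.
SAMPLE = """\
Received: from pD95F1EF2.dip0.t-ipconnect.de (pD95F1EF2.dip0.t-ipconnect.de
 [217.95.30.242]) by hosting1.xxxxx (8.13.1/8.13.1) with SMTP id
 m417cnVV001458 for <arts@gum.lu>; Thu, 1 May 2008 09:38:51 +0200
Received: from 77.87.224.34 (HELO mx1.bund.de) by gum.lu with esmtp
 ({nChar[8-12]} {nChar[4-6]}) id LtyEyr-Gj2Ogl-zk for arts@gum.lu;
 Thu, 01 May 2008 09:39:18 +0200

body
"""

IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z0-9-]+\b", re.I)  # also matches IPs

def parse_received(value):
    """Return the sender identities and the 'by' host of one Received value."""
    flat = " ".join(value.split())  # undo header folding
    m = re.match(r"from\s+(.*?)\s+by\s+(\S+)", flat, re.I)
    if not m:
        return None
    from_part, by_host = m.groups()
    return {"ips": IP_RE.findall(from_part),
            "ids": {h.lower() for h in HOST_RE.findall(from_part)},
            "by": by_host.lower()}

def trusted_relay_ips(raw_message):
    """Walk Received headers top-down and stop where the chain breaks.

    Assumption: the top header was written by our own MX and is trusted.
    A lower header is accepted only if its 'by' host is one of the
    identities the header above recorded for the host it received from.
    """
    values = message_from_string(raw_message).get_all("Received", [])
    hops = [parse_received(v) for v in values]
    trusted = []
    for i, hop in enumerate(hops):
        if hop is None:
            break  # unparseable header: trust nothing from here down
        if i > 0 and hop["by"] not in hops[i - 1]["ids"]:
            break  # 'by' does not match the upper header's 'from'
        trusted.extend(hop["ips"])
    return trusted

if __name__ == "__main__":
    print(trusted_relay_ips(SAMPLE))
```

On the sample only 217.95.30.242 is returned, because `gum.lu` is not among the identities recorded for the host that handed the mail to `hosting1.xxxxx`. Legitimate relays sometimes name themselves differently in "by" than in their HELO or reverse DNS, so a mismatch marks where verifiable trust ends rather than proving forgery by itself.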